Methods and apparatuses are provided for deploying relay nodes in a communication network. A relay node can initially be wirelessly authenticated to a network entity using initial security credentials. In response to a successful authentication, the relay node is authorized to wirelessly communicate with the communication network for a limited purpose of configuring the relay node for relay device operations. The relay node can receive new security credentials from the communication network, and is subsequently re-authenticated to the network entity using the new security credentials. In response to a successful re-authentication, the relay node is authorized by the network to operate as a relay device for conveying traffic between one or more access terminals and the communication network.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A relay node, comprising: a wireless communication interface; and a processing circuit coupled to the wireless communication interface, the processing circuit adapted to: authenticate the relay node to a network entity via the wireless communication interface using initial security credentials; receive, in response to the wireless authentication using the initial security credentials, authorization to wirelessly communicate with a communication network for a limited purpose of configuring the relay node; receive new security credentials via the wireless communication interface; and re-authenticate the relay node to the network entity using the new security credentials prior to operating as a relay device in the communication network.
2. The relay node of claim 1 , wherein the new security credentials include a new relay node identity and a new shared secret associated with the new relay node identity; and the processing circuit is further adapted to: re-authenticate the relay node to the network entity using the new relay node identity and the new shared secret associated with the new relay node identity prior to operating as a relay device in the communication network.
3. The relay node of claim 2 , wherein the new relay node identity is associated with a subscription profile authorizing network access to the relay node for operating as a relay device conveying traffic between one or more access terminals and the communication network.
4. The relay node of claim 1 , wherein the processing circuit is further adapted to: re-authenticate the relay node to the network entity using the new security credentials and the initial security credentials.
5. The relay node of claim 1 , wherein the new security credentials include at least one of operator credentials or a shared key.
6. The relay node of claim 1 , wherein the initial security credentials include an initial relay node identity and an initial shared secret associated with the initial relay node identity.
7. The relay node of claim 6 , wherein: at the time of the authentication with the network entity, the initial relay node identity is associated with a subscription profile authorizing network access to the relay node for a limited purpose of configuring the relay node; and at the time of the re-authentication with the network entity, the initial relay node identity is associated with a new subscription profile authorizing network access to the relay node for operating as a relay device conveying traffic between one or more access terminals and the communication network.
8. The relay node of claim 1 , further comprising a trusted environment coupled to the processing circuit, wherein the processing circuit is further adapted to: store the new security credentials in the trusted environment.
9. The relay node of claim 8 , wherein at least some of the initial security credentials are stored in the trusted environment.
10. The relay node of claim 1 , further comprising a secured processor coupled to the processing circuit, wherein at least some of the initial security credentials are stored in the secured processor.
11. The relay node of claim 1 , wherein the processing circuit is further adapted to: receive configuration data via the wireless communications interface for configuring the relay node as a relay device in the communication network, the configuration data being received prior to re-authentication to the network entity.
12. The relay node of claim 1 , wherein: the relay node appears as a user device to the network entity when authenticating with the network entity with the initial security parameters; and the relay node appears as a relay device when re-authenticating with the network entity with the new security parameters.
13. A method operational on a relay node, comprising: wirelessly authenticating the relay node to a network entity using initial security credentials; receiving authorization to wirelessly communicate with a communication network for a limited purpose of configuring the relay node in response to the wireless authentication using the initial security credentials; receiving new security credentials; and re-authenticating the relay node to the network entity using the new security credentials prior to being enabled to operate as a relay device in the communication network.
14. The method of claim 13 , wherein: receiving the new security credentials comprises receiving a new relay node identity and a new shared secret associated with the new relay node identity; and re-authenticating with the network entity using the new security credentials comprises re-authenticating with the network entity using the new relay node identity and the new shared secret associated with the new relay node identity.
15. The method of claim 14 , wherein the new relay node identity is associated with a subscription profile authorizing network access to the relay node for operating as a relay device conveying traffic between one or more access terminals and the communication network.
16. The method of claim 13 , wherein re-authenticating with the network entity using the new security credentials further comprises: re-authenticating with the network entity using the new security credentials and the initial security credentials.
17. The method of claim 16 , further comprising: wirelessly authenticating with the network entity using an initial relay node identity and an initial shared secret associated with the initial relay node identity, wherein the initial relay node identity is associated with a subscription profile authorizing network access to the relay node for a limited purpose of configuring the relay node at the time of the wireless authentication with the network entity; and re-authenticating with the network entity using the initial relay node identity and the initial shared secret associated with the initial relay node identity, wherein, at the time of the re-authentication with the network entity, the initial relay node identity is associated with a new subscription profile authorizing network access to the relay node for operating as a relay device conveying network traffic between one or more access terminals and the communication network.
18. The method of claim 13 , wherein receiving the new security credentials comprises receiving at least one of operator credentials or a shared key.
19. The method of claim 13 , further comprising: appearing as a user device to the network entity when wirelessly authenticating with the network entity using the initial security credentials; and appearing as a relay device to the network entity when re-authenticating with the network entity using the new security credentials.
20. The method of claim 13 , further comprising: receiving configuration data for configuring the relay node as a relay device in the communication network, the configuration data being received prior to re-authentication to the network entity.
21. A relay node, comprising: means for wirelessly authenticating with a network entity using initial security credentials; means for receiving authorization to wirelessly communicate with a communication network for a limited purpose of configuring the relay node in response to the wireless authentication using the initial security credentials; means for receiving new security credentials; and means for re-authenticating with the network entity using the new security credentials prior to being enabled to operate as a relay device in the communication network.
22. A non-transitory processor-readable medium comprising instructions operational on a relay node, which when executed by a processor causes the processor to: wirelessly authenticate the relay node to a network entity using initial security credentials; receive authorization to wirelessly communicate with a communication network for a limited purpose of configuring the relay node in response to the wireless authentication using the initial security credentials; receive new security credentials; and re-authenticate the relay node to the network entity using the new security credentials prior to being enabled to operate as a relay device in the communication network.
23. A network entity, comprising: a communications interface; and a processing circuit coupled to the communications interface, the processing circuit adapted to: authenticate a relay node using initial security credentials associated with the relay node; authorize the relay node to wirelessly communicate with a communication network for a limited purpose of configuring the relay node after a successful authentication of the relay node using the initial security credentials; re-authenticate the relay node using new security credentials; and authorize the relay node to operate as a relay device in the communication network after a successful re-authentication of the relay node.
24. The network entity of claim 23 , wherein the processing circuit is adapted to authorize the relay node to wirelessly communicate with the communication network for a limited purpose of obtaining new security credentials and configuration data.
25. The network entity of claim 23 , wherein the new security credentials include a new relay node identity and a new shared secret associated with the new relay node identity.
26. The network entity of claim 25 , wherein the processing circuit is further adapted to: obtain a subscription profile associated with the new relay node identity when re-authenticating the relay node, wherein the subscription profile authorizes network access to the relay node for operating as a relay device conveying traffic between one or more access terminals and the communication network.
27. The network entity of claim 23 , wherein the new security credentials include at least one of operator credentials or a shared key.
28. The network entity of claim 23 , wherein the processing circuit is adapted to: re-authenticate the relay node using the new security credentials and the initial security credentials.
29. The network entity of claim 28 , wherein the initial security credentials include an initial relay node identity and an initial shared secret associated with the initial relay node identity.
30. The network entity of claim 29 , wherein the processing circuit is further adapted to: obtain a subscription profile associated with the initial relay node identity to authenticate the relay node using the initial security credentials, wherein the subscription profile authorizes network access for the relay node for a limited purpose of configuring the relay node; obtain a new subscription profile associated with the initial relay node identity to re-authenticate the relay node using the new security credentials, wherein the new subscription profile authorizes sufficient network access for the relay node to enable the relay node to operate as a relay device conveying traffic between one or more access terminals and the communication network.
31. The network entity of claim 23 , wherein the relay node appears as a user device when authenticated using the initial security credentials, and the relay node appears as a relay device when re-authenticating using the new security credentials.
32. The network entity of claim 23 , wherein the network entity comprises a mobile management entity (MME).
33. A method operational on a network entity, comprising: authenticating a relay node using initial security credentials associated with the relay node; authorizing the relay node to wirelessly communicate with a communication network for a limited purpose of configuring the relay node after a successful authentication of the relay node using the initial security credentials; re-authenticating the relay node using new security credentials; and authorizing the relay node to operate as a relay device in the communication network after successfully re-authenticating the relay node.
34. The method of claim 33 , wherein authorizing the relay node to wirelessly communicate with a communication network for a limited purpose of configuring the relay node, comprises: authorizing the relay node to wirelessly communicate with a communication network for a limited purpose of obtaining new security credentials and configuration data.
35. The method of claim 33 , wherein re-authenticating the relay node using the new security credentials, includes: re-authenticating the relay node using a new relay node identity and a new shared secret associated with the new relay node identity.
36. The method of claim 35 , wherein re-authenticating the relay node using the new relay node identity and the new shared secret associated with the new relay node identity comprises: obtaining a subscription profile associated with the new relay node identity, wherein the subscription profile authorizes network access to the relay node for operating as a relay device conveying traffic between one or more access terminals and the communication network.
37. The method of claim 33 , wherein the new security credentials include at least one of operator credentials or a shared key.
38. The method of claim 33 , wherein re-authenticating the relay node comprises: re-authenticating the relay node using the new security credentials and the initial security credentials.
39. The method of claim 38 , wherein the initial security credentials include an initial relay node identity and an initial shared secret associated with the initial relay node identity.
40. The method of claim 39 , wherein: authenticating the relay node using the initial security credentials comprises obtaining a subscription profile associated with the initial relay node identity, wherein the subscription profile authorizes network access for the relay node for a limited purpose of configuring the relay node; and re-authenticating the relay node using the new security credentials comprises obtaining a new subscription profile associated with the initial relay node identity, wherein the new subscription profile authorizes sufficient network access for the relay node to enable the relay node to operate as a relay device conveying traffic between one or more access terminals and the communication network.
41. The method of claim 33 , wherein: authenticating the relay node using the initial security credentials comprises authenticating the relay node appearing to the network entity as a user device; and re-authenticating the relay node using the new security credentials comprises re-authenticating the relay node appearing to the network entity as a relay device.
42. A network entity, comprising: means for authenticating a relay node using initial security credentials associated with the relay node; means for authorizing the relay node to wirelessly communicate with a communication network for a limited purpose of configuring the relay node after a successful authentication of the relay node using the initial security credentials; means for re-authenticating the relay node using new security credentials; and means for authorizing the relay node to operate as a relay device in the communication network after successfully re-authenticating the relay node.
43. A non-transitory processor-readable medium comprising instructions operational on a network entity, which when executed by a processor causes the processor to: authenticate a relay node using initial security credentials associated with the relay node; authorize the relay node to wirelessly communicate with a communication network for a limited purpose of configuring the relay node after a successful authentication of the relay node using the initial security credentials; re-authenticate the relay node using new security credentials; and authorize the relay node to operate as a relay device in the communication network after successfully re-authenticating the relay node.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
June 16, 2011
September 16, 2014
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.